Gi7w0rm
Threat Intelligence and #URINT Analyst | See my Linktree for other socials | In case I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p
Sep 25
So @censysio just deployed the "suspicious-open-dir" label to their search engine.
So far it appears a game changer, giving very solid hit rates on finding malicious infrastructure.

So for today, this will be a thread documenting my findings using the new feature.

1/x @censysio Starting off, we have
hxxps://dev.deutsche-privatbank[.]de/

It does not need a genius to understand that this is someone's #phishing setup.
Thanks to an exposed .git file we can clearly see that the tool used is:


@DeutscheBank might want to have a look
2/x github.com/BiZken/PhishMa…
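The thread above identifies the kit from the repository's own metadata, which an exposed .git directory hands out over HTTP. As an added example (not the author's code and not the actual contents of the host named in the tweet), the block below parses the two files you would fetch first, .git/HEAD and .git/config, and pulls out the remote the kit was cloned from and the checked-out branch. The sample file contents and the example-org remote URL are constructed placeholders; the real fetch (any HTTP client requesting /.git/HEAD and /.git/config) is left out so the block runs offline. It also includes the check a practitioner wants before trusting a hit: a 200 response is only interesting if the body actually looks like a HEAD file, since catch-all pages return 200 for any path.

```python
import re

# Constructed sample of the two files an exposed .git directory hands out first.
# Illustrative only: not the contents of any host named in the thread.
SAMPLE_HEAD = "ref: refs/heads/main\n"
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
\tfilemode = true
\tbare = false
[remote "origin"]
\turl = https://github.com/example-org/example-phishing-kit.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
\tremote = origin
\tmerge = refs/heads/main
"""

_SECTION = re.compile(r'^\[([^\s"\]]+)(?:\s+"([^"]*)")?\]$')
_HEAD_REF = re.compile(r"^ref: refs/\S+$")
_HEAD_SHA = re.compile(r"^[0-9a-f]{40}(?:[0-9a-f]{24})?$")  # SHA-1 repos, or SHA-256 repos


def looks_like_git_head(body):
    """True if an HTTP response body is a plausible .git/HEAD.

    Used to discard catch-all pages that answer 200 to every path: a real HEAD is
    either 'ref: refs/...' or a bare commit id on its first line.
    """
    stripped = body.strip()
    first = stripped.splitlines()[0] if stripped else ""
    return bool(_HEAD_REF.match(first) or _HEAD_SHA.match(first))


def parse_git_config(text):
    """Minimal parser for git's config syntax.

    Handles [section], [section "subsection"] (stored as 'section.subsection'),
    'key = value' lines and '#'/';' comments. Keys and section names are lowercased,
    as git itself treats them case-insensitively; subsection names keep their case.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION.match(line)
        if m:
            name = m.group(1).lower()
            current = name if m.group(2) is None else f"{name}.{m.group(2)}"
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def summarize_exposed_git(head_text, config_text, remote="origin"):
    """Extract what identifies the tool: the remote it was cloned from and the checked-out ref."""
    config = parse_git_config(config_text)
    head = head_text.strip()
    ref = head[len("ref: "):] if head.startswith("ref: ") else None
    return {
        "remote_url": config.get(f"remote.{remote}", {}).get("url"),
        "head_ref": ref,                 # None means a detached HEAD (raw commit id)
        "commit": None if ref else head,
        "branch": ref[len("refs/heads/"):] if ref and ref.startswith("refs/heads/") else None,
    }


if __name__ == "__main__":
    print(summarize_exposed_git(SAMPLE_HEAD, SAMPLE_CONFIG))
```

Once the remote URL is known, the rest of the directory (.git/objects, packed refs, the index) can usually be pulled the same way, but the config and HEAD alone are normally enough to name the kit.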
Apr 9, 2022
#Nginx 1.18 exploit in the wild!

#infosec #0day #exploit

@campuscodi Some more information on the #Nginx #0day by @_Blue_hornet as shared via DM and published here with permission:
Mar 4, 2022
The #ContiLeaks contained some messages consisting of IP:Username:pass combinations for #Conti infrastructure.
This allows us to connect certain #Trickbot activity with the #Conti group:

1/x The IPs in the image are the following:
117.252.69[.]134
117.252.68[.]15
116.206.153[.]212
103.78.13[.]150
103.47.170[.]131
103.47.170[.]130
118.91.190[.]42
117.197.41[.]36
117.222.63[.]77
117.252.69[.]210

2/x
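The IP list above is posted defanged (`[.]`), as are the URLs elsewhere on this page (`hxxps://`). As an added example that is not part of the thread, the block below does the handling an analyst wants before putting such IOCs into a blocklist or a search: refang the common notations, validate each entry as an address with the standard library (so a typo does not silently become a "bad IP"), and split the `IP:Username:pass` line format the tweet describes on only the first two colons, so a password containing `:` is not truncated. The IP list is copied from the thread; the credential line and its fields are constructed placeholders (192.0.2.10 is a documentation address), not anything from the leak.

```python
import ipaddress
import re

# IOC list copied from the thread above, in the defanged form it was posted.
THREAD_IPS = """117.252.69[.]134
117.252.68[.]15
116.206.153[.]212
103.78.13[.]150
103.47.170[.]131
103.47.170[.]130
118.91.190[.]42
117.197.41[.]36
117.222.63[.]77
117.252.69[.]210"""

# Refang rules for the notations commonly seen in threat-intel posts.
_REFANG_RULES = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.I), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]"), "@"),
    (re.compile(r"\bhxxps?://", re.I),
     lambda m: m.group(0).lower().replace("hxxp", "http")),
]


def refang(ioc):
    """Turn a defanged indicator back into its literal form."""
    out = ioc.strip()
    for pattern, repl in _REFANG_RULES:
        out = pattern.sub(repl, out)
    return out


def defang(ioc):
    """Defang an indicator for posting: dots become [.] and http(s) becomes hxxp(s)."""
    out = ioc.strip().replace(".", "[.]")
    return re.sub(r"^https?", lambda m: m.group(0).replace("http", "hxxp"), out, flags=re.I)


def parse_ip_list(text):
    """Refang one indicator per line and keep only syntactically valid IPv4/IPv6 addresses.

    Returns (valid, rejected): valid addresses in canonical form, and the original
    lines that did not parse, so a typo is reported rather than silently dropped.
    """
    valid, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            valid.append(str(ipaddress.ip_address(refang(line))))
        except ValueError:
            rejected.append(line)
    return valid, rejected


def split_cred_line(line):
    """Split a (possibly defanged) 'IP:Username:pass' line into its fields.

    Only the first two colons are separators, so a password containing ':' survives.
    Raises ValueError if the first field is not an IP address.
    """
    ip, user, password = refang(line).split(":", 2)
    ipaddress.ip_address(ip)
    return {"ip": ip, "user": user, "password": password}


if __name__ == "__main__":
    addresses, bad = parse_ip_list(THREAD_IPS)
    print(addresses, bad)
    # Constructed placeholder line, not from the leak.
    print(split_cred_line("192.0.2[.]10:operator:p@ss:word"))
```

`ipaddress.ip_address` also gives `is_global`, `is_private` and similar flags on the returned object, which is a cheap way to catch an RFC 1918 or reserved address that slipped into a list meant to contain only internet-facing infrastructure.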